summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorHolger Hetterich <hhetter@novell.com>2010-02-02 00:14:28 +0100
committerJim McDonough <jmcd@samba.org>2010-03-16 09:52:10 -0400
commit5b7179d2a3708246c44c5c5126368588f9da74a0 (patch)
treeb7dce12b682a20c1131812e78504314a16fd0a65 /source3
parent6437df7d2ceedeb26be82e050b300ad55839a721 (diff)
downloadsamba-5b7179d2a3708246c44c5c5126368588f9da74a0.tar.gz
samba-5b7179d2a3708246c44c5c5126368588f9da74a0.tar.bz2
samba-5b7179d2a3708246c44c5c5126368588f9da74a0.zip
Add smbta-util to manage the encryption key.
This program allows the administrator to enable or disable AES encryption when using vfs_smb_traffic_analyzer. It also generates new keys, stores them to a file, so that the file can be reused on another client or server.
Diffstat (limited to 'source3')
-rw-r--r--source3/Makefile.in17
-rw-r--r--source3/modules/vfs_smb_traffic_analyzer.c1
-rw-r--r--source3/utils/smbta-util.c211
3 files changed, 225 insertions, 4 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 9d42047a0b..4c12157704 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -209,15 +209,16 @@ PATH_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" \
SBIN_PROGS = bin/smbd@EXEEXT@ bin/nmbd@EXEEXT@ @SWAT_SBIN_TARGETS@ @EXTRA_SBIN_PROGS@
BIN_PROGS1 = bin/smbclient@EXEEXT@ bin/net@EXEEXT@ bin/smbspool@EXEEXT@ \
- bin/testparm@EXEEXT@ bin/smbstatus@EXEEXT@ bin/smbget@EXEEXT@
+ bin/testparm@EXEEXT@ bin/smbstatus@EXEEXT@ bin/smbget@EXEEXT@ \
+ bin/smbta-util@EXEEXT@
BIN_PROGS2 = bin/smbcontrol@EXEEXT@ bin/smbtree@EXEEXT@ $(TDBBACKUP) \
bin/nmblookup@EXEEXT@ bin/pdbedit@EXEEXT@ $(TDBDUMP) \
$(TDBTOOL)
BIN_PROGS3 = bin/smbpasswd@EXEEXT@ bin/rpcclient@EXEEXT@ bin/smbcacls@EXEEXT@ \
bin/profiles@EXEEXT@ bin/ntlm_auth@EXEEXT@ bin/sharesec@EXEEXT@ \
- bin/smbcquotas@EXEEXT@ bin/eventlogadm@EXEEXT@
+ bin/smbcquotas@EXEEXT@ bin/eventlogadm@EXEEXT@
BIN_PROGS4 = bin/ldbedit@EXEEXT@ bin/ldbsearch@EXEEXT@ bin/ldbadd@EXEEXT@ \
- bin/ldbdel@EXEEXT@ bin/ldbmodify@EXEEXT@ bin/ldbrename@EXEEXT@
+ bin/ldbdel@EXEEXT@ bin/ldbmodify@EXEEXT@ bin/ldbrename@EXEEXT@
TORTURE_PROGS = bin/smbtorture@EXEEXT@ bin/msgtest@EXEEXT@ \
bin/masktest@EXEEXT@ bin/locktest@EXEEXT@ \
@@ -882,6 +883,10 @@ TESTPARM_OBJ = utils/testparm.o \
$(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \
$(LIBSMB_ERR_OBJ)
+SMBTA_UTIL_OBJ = utils/smbta-util.o $(PARAM_OBJ) $(POPT_LIB_OBJ) \
+ $(LOCKING_OBJ) $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) \
+ $(LIBSMB_ERR_OBJ) $(FNAME_UTIL_OBJ)
+
TEST_LP_LOAD_OBJ = param/test_lp_load.o \
$(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
$(POPT_LIB_OBJ) $(LIBSAMBA_OBJ)
@@ -1619,6 +1624,11 @@ bin/testparm@EXEEXT@: $(BINARY_PREREQS) $(TESTPARM_OBJ) @BUILD_POPT@ $(LIBTALLOC
@$(CC) -o $@ $(TESTPARM_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+bin/smbta-util@EXEEXT@: $(BINARY_PREREQS) $(SMBTA_UTIL_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB)
+ @echo Linking $@
+ @$(CC) -o $@ $(SMBTA_UTIL_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+ $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+
bin/smbstatus@EXEEXT@: $(BINARY_PREREQS) $(STATUS_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB)
@echo Linking $@
@$(CC) -o $@ $(STATUS_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
@@ -1854,7 +1864,6 @@ $(LIBTALLOC_SHARED_TARGET): $(LIBTALLOC_SHARED_TARGET_SONAME)
$(LIBTALLOC_STATIC_TARGET): $(BINARY_PREREQS) $(LIBTALLOC_OBJ0)
@echo Linking non-shared library $@
@-$(AR) -rc $@ $(LIBTALLOC_OBJ0)
-
libtalloc: $(LIBTALLOC)
cleanlibtalloc::
diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c
index 9bc0d2ef73..4465425927 100644
--- a/source3/modules/vfs_smb_traffic_analyzer.c
+++ b/source3/modules/vfs_smb_traffic_analyzer.c
@@ -542,6 +542,7 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle,
" found, encrypting data!\n"));
AES_KEY key;
samba_AES_set_encrypt_key(akey, 128, &key);
+ free(akey);
s1 = strlen(str) / 16;
s2 = strlen(str) % 16;
DEBUG(10, ("smb_traffic_analyzer_send_data_socket: found %i"
diff --git a/source3/utils/smbta-util.c b/source3/utils/smbta-util.c
new file mode 100644
index 0000000000..13686ae7a0
--- /dev/null
+++ b/source3/utils/smbta-util.c
@@ -0,0 +1,211 @@
+/*
+ smbta-util: tool for controlling encryption with
+ vfs_smb_traffic_analyzer
+ Copyright (C) 2010 Holger Hetterich <hhetter@novell.com>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+#include "includes.h"
+
+
+static void delete_key();
+
+
+static void help()
+{
+printf("-h print this help message.\n");
+printf("-f <file> install the key from a file and activate\n");
+printf(" encryption.\n");
+printf("-g <file> generate a key, save it to a file, and activate encryption.\n");
+printf("-u uninstall a key, and deactivate encryption.\n");
+printf("-c <file> create a file from an installed key.\n");
+printf("-s check if a key is installed, and print the key to stdout.\n");
+printf("\n");
+}
+
+static void check_key()
+{ size_t size;
+ if (!secrets_init()) {
+ printf("Error opening secrets database.");
+ exit(1);
+ }
+ char *akey = (char *) secrets_fetch("smb_traffic_analyzer_key", &size);
+ if (akey != NULL) {
+ printf("A key is installed: %s\n",akey);
+ printf("Encryption activated.\n");
+ free(akey);
+ exit(0);
+ } else printf("No key is installed.\n");
+ exit(1);
+}
+
+static void create_keyfile(char *filename, char *key)
+{
+ FILE *keyfile;
+ keyfile = fopen(filename, "w");
+ if (keyfile == NULL) {
+ printf("error creating the keyfile!\n");
+ exit(0);
+ }
+ fprintf(keyfile, "%s", key);
+ fclose(keyfile);
+ printf("File '%s' has been created.\n", filename);
+}
+
+/**
+ * Load a key from a file. The caller has to free the
+ * returned string.
+ */
+static char *load_key_from_file(char *filename)
+{
+ FILE *keyfile;
+ char *key = malloc(sizeof(char) * 17);
+ int l;
+ keyfile = fopen(filename, "r");
+ if (keyfile == NULL) {
+ printf("Error opening the keyfile!\n");
+ exit(0);
+ }
+ l = fscanf(keyfile, "%s", key);
+ if (strlen(key) != 16) {
+ printf("Key file in wrong format\n");
+ fclose(keyfile);
+ exit(0);
+ }
+ return key;
+}
+
+static void create_file_from_key(char *filename)
+{
+ size_t size;
+ char *akey = (char *) secrets_fetch("smb_traffic_analyzer_key", &size);
+ if (akey == NULL) {
+ printf("No key is installed! Can't create file.\n");
+ exit(1);
+ }
+ create_keyfile(filename, akey);
+ free(akey);
+}
+
+/**
+ * Generate a random key. The user has to free the returned
+ * string.
+ */
+static char *generate_key()
+{
+ char *key = malloc(sizeof(char)*17);
+ int f;
+ srand( (unsigned)time( NULL ) );
+ for ( f = 0; f < 16; f++) {
+ *(key+f) = (rand() % 128) +32;
+ }
+ *(key+16)='\0';
+ printf("Random key generated.\n");
+ return key;
+}
+
+static void create_new_key_and_activate( char *filename )
+{
+ if (!secrets_init()) {
+ printf("Error opening secrets database.");
+ exit(1);
+ }
+
+ char *key = generate_key();
+ delete_key();
+ secrets_store("smb_traffic_analyzer_key", key, strlen(key)+1 );
+ printf("Key installed, encryption activated.\n");
+ create_file_from_key(filename);
+ free(key);
+}
+
+static void delete_key()
+{
+ size_t size;
+ char *akey = (char *) secrets_fetch("smb_traffic_analyzer_key", &size);
+ if (akey != NULL) {
+ free(akey);
+ secrets_delete("smb_traffic_analyzer_key");
+ printf("Removed installed key. Encryption deactivated.\n");
+ } else {
+ printf("No key is installed.\n");
+ }
+}
+
+
+static void load_key_from_file_and_activate( char *filename)
+{
+ char *key;
+ char *akey;
+ size_t size;
+ key = load_key_from_file(filename);
+ printf("Loaded key from %s.\n",filename);
+ akey = (char *) secrets_fetch("smb_traffic_analyzer_key", &size);
+ if (akey != NULL) {
+ printf("Removing the old key.\n");
+ delete_key();
+ }
+ printf("Installing the key from file %s\n",filename);
+ secrets_store("smb_traffic_analyzer_key", key, strlen(key)+1);
+ free(key);
+}
+
+static void process_arguments(int argc, char **argv)
+{
+ char co;
+ while ((co = getopt(argc, argv, "hf:g:uc:s")) != EOF) {
+ switch(co) {
+ case 'h':
+ help();
+ exit(0);
+ case 's':
+ check_key();
+ break;
+ case 'g':
+ create_new_key_and_activate(optarg);
+ break;
+ case 'u':
+ delete_key();
+ break;
+ case 'c':
+ create_file_from_key(optarg);
+ break;
+ case 'f':
+ load_key_from_file_and_activate(optarg);
+ break;
+ default:
+ help();
+ break;
+ }
+ }
+}
+
+int main(int argc, char **argv)
+{
+ sec_init();
+ load_case_tables();
+
+ if (!lp_load_initial_only(get_dyn_CONFIGFILE())) {
+ fprintf(stderr, "Can't load %s - run testparm to debug it\n",
+ get_dyn_CONFIGFILE());
+ exit(1);
+ }
+
+ if (argc == 1) {
+ help();
+ exit(1);
+ }
+
+ process_arguments(argc, argv);
+}